CVE-2023-1838
Published Apr 5, 2023
Last updated 9 months ago
Overview
- Description
- A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4656B60F-29E8-4D7E-B827-28CC2223B5C0",
"versionEndExcluding": "4.14.317",
"versionStartIncluding": "4.13"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "239757EB-B2DF-4DD4-8EEE-97141186DA12",
"versionEndExcluding": "4.19.245",
"versionStartIncluding": "4.15"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87FC1554-2185-4ED6-BF1C-293AA14FFC32",
"versionEndExcluding": "5.4.196",
"versionStartIncluding": "4.20"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA790029-5DF7-42D7-962E-C810540457A5",
"versionEndExcluding": "5.10.118",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "555641B6-5319-4C13-9CC9-50B1CCF9E816",
"versionEndExcluding": "5.15.42",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F",
"versionEndExcluding": "5.17.10",
"versionStartIncluding": "5.16"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43"
},
{
"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F"
},
{
"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098"
},
{
"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9"
},
{
"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F"
}
],
"operator": "OR"
}
]
}
]